Skip to content

Inside DNAnexus

Product updates, industry insights, opinions and references. From the team powering the Genomics Revolution.

DNAnexus Not Impacted by Cloudflare Information Leak (“Cloudbleed”)

A serious bug within the code running on Cloudflare edge servers may have leaked sensitive data from a large number of websites over many months. First, and most importantly, the DNAnexus Platform has not been impacted by this incident and no DNAnexus user data has been leaked.

Cloudflare provides Content Distribution Network (CDN) services, which enable providers of web content to enhance user experience by caching web content on edge servers geographically proximate to the web client. As part of a shared service, each edge server presents web content from multiple Cloudflare customers.

The bug led to a condition whereby the edge servers were returning content entirely unrelated to the requested web content, and that leaked content contained unencrypted private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. Search engines subsequently crawled and cached this leaked content, enabling it to be searched. For example, a web request to a ride sharing service could have resulted in leaked content being returned from a dating service.

DNAnexus uses the Cloudflare CDN service only to accelerate serving of public web content, such as web site images, help text, and html/css. DNAnexus does not serve any credentials, tokens, nor user data via the CDN and thus DNAnexus users are not impacted by this bug, and no DNAnexus user information has been leaked.

DNAnexus users do not need to change their DNAnexus password, unless they use similar passwords for other websites that were affected. We strongly recommend that users always choose a unique password for their DNAnexus account and that they configure their account to use two-factor authentication as described in the DNAnexus wiki documentation.

If you have any questions about your account, please contact our customer support team at support@dnanexus.com.

About DNAnexus

DNAnexus the leader in biomedical informatics and data management, has created the global network for genomics and other biomedical data, operating in 33 countries including North America, Europe, China, Australia, South America, and Africa. The secure, scalable, and collaborative DNAnexus Platform helps thousands of researchers across a spectrum of industries — biopharmaceutical, bioagricultural, sequencing services, clinical diagnostics, government, and research consortia — accelerate their genomics programs.

The DNAnexus team is made up of experts in computational biology and cloud computing who work with organizations to tackle some of the most exciting opportunities in human health, making it easier—and in many cases feasible—to work with genomic data. With DNAnexus, organizations can stay a step ahead in leveraging genomics to achieve their goals. The future of human health is in genomics. DNAnexus brings it all together.